Package com.google.protos.google.cloud.binaryauthorization.v1


A client for the Binary Authorization API.

The interfaces provided are listed below, along with usage samples.

BinauthzManagementServiceV1Client

Service Description: Google Cloud Management Service for Binary Authorization admission policies and attestation authorities.

This API implements a REST model with the following objects:

  • Policy
  • Attestor

Sample for BinauthzManagementServiceV1Client:


 try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
     BinauthzManagementServiceV1Client.create()) {
   PolicyName name = PolicyName.ofProjectName("[PROJECT]");
   Resources.Policy response = binauthzManagementServiceV1Client.getPolicy(name);
 }
 

SystemPolicyV1Client

Service Description: API for working with the system policy.

Sample for SystemPolicyV1Client:


 try (SystemPolicyV1Client systemPolicyV1Client = SystemPolicyV1Client.create()) {
   PolicyName name = PolicyName.ofProjectName("[PROJECT]");
   Resources.Policy response = systemPolicyV1Client.getSystemPolicy(name);
 }
 

ValidationHelperV1Client

Service Description: BinAuthz Attestor verification

Sample for ValidationHelperV1Client:


 try (ValidationHelperV1Client validationHelperV1Client = ValidationHelperV1Client.create()) {
   Service.ValidateAttestationOccurrenceRequest request =
       Service.ValidateAttestationOccurrenceRequest.newBuilder()
           .setAttestor("attestor542920680")
           .setAttestation(AttestationOccurrence.newBuilder().build())
           .setOccurrenceNote("occurrenceNote1722072419")
           .setOccurrenceResourceUri("occurrenceResourceUri1001424877")
           .build();
   Service.ValidateAttestationOccurrenceResponse response =
       validationHelperV1Client.validateAttestationOccurrence(request);
 }
 

Classes

AttestorName

AttestorName.Builder

Builder for projects/{project}/attestors/{attestor}.

BinauthzManagementServiceV1Client

Service Description: Google Cloud Management Service for Binary Authorization admission policies and attestation authorities.

This API implements a REST model with the following objects:

  • Policy
  • Attestor

This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:


 try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
     BinauthzManagementServiceV1Client.create()) {
   PolicyName name = PolicyName.ofProjectName("[PROJECT]");
   Resources.Policy response = binauthzManagementServiceV1Client.getPolicy(name);
 }
 

Note: close() needs to be called on the BinauthzManagementServiceV1Client object to clean up resources such as threads. In the example above, try-with-resources is used, which automatically calls close().

The surface of this class includes several types of Java methods for each of the API's methods:

  1. A "flattened" method. With this type of method, the fields of the request type have been converted into function parameters. It may be the case that not all fields are available as parameters, and not every API method will have a flattened method entry point.
  2. A "request object" method. This type of method only takes one parameter, a request object, which must be constructed before the call. Not every API method will have a request object method.
  3. A "callable" method. This type of method takes no parameters and returns an immutable API callable object, which can be used to initiate calls to the service.

See the individual methods for example code.

Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parse method to extract the individual identifiers contained within names that are returned.

This class can be customized by passing in a custom instance of BinauthzManagementServiceV1Settings to create(). For example:

To customize credentials:


 BinauthzManagementServiceV1Settings binauthzManagementServiceV1Settings =
     BinauthzManagementServiceV1Settings.newBuilder()
         .setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
         .build();
 BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
     BinauthzManagementServiceV1Client.create(binauthzManagementServiceV1Settings);
 

To customize the endpoint:


 BinauthzManagementServiceV1Settings binauthzManagementServiceV1Settings =
     BinauthzManagementServiceV1Settings.newBuilder().setEndpoint(myEndpoint).build();
 BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
     BinauthzManagementServiceV1Client.create(binauthzManagementServiceV1Settings);
 

Please refer to the GitHub repository's samples for more quickstart code snippets.

BinauthzManagementServiceV1Client.ListAttestorsFixedSizeCollection

BinauthzManagementServiceV1Client.ListAttestorsPage

BinauthzManagementServiceV1Client.ListAttestorsPagedResponse

BinauthzManagementServiceV1Grpc

Google Cloud Management Service for Binary Authorization admission policies and attestation authorities. This API implements a REST model with the following objects:

  • Policy
  • Attestor

BinauthzManagementServiceV1Grpc.BinauthzManagementServiceV1BlockingStub

Google Cloud Management Service for Binary Authorization admission policies and attestation authorities. This API implements a REST model with the following objects:

  • Policy
  • Attestor

BinauthzManagementServiceV1Grpc.BinauthzManagementServiceV1FutureStub

Google Cloud Management Service for Binary Authorization admission policies and attestation authorities. This API implements a REST model with the following objects:

  • Policy
  • Attestor

BinauthzManagementServiceV1Grpc.BinauthzManagementServiceV1ImplBase

Google Cloud Management Service for Binary Authorization admission policies and attestation authorities. This API implements a REST model with the following objects:

  • Policy
  • Attestor

BinauthzManagementServiceV1Grpc.BinauthzManagementServiceV1Stub

Google Cloud Management Service for Binary Authorization admission policies and attestation authorities. This API implements a REST model with the following objects:

  • Policy
  • Attestor

BinauthzManagementServiceV1Settings

Settings class to configure an instance of BinauthzManagementServiceV1Client.

The default instance has everything set to sensible defaults:

  • The default service address (binaryauthorization.googleapis.com) and default port (443) are used.
  • Credentials are acquired automatically through Application Default Credentials.
  • Retries are configured for idempotent methods but not for non-idempotent methods.

The builder of this class is recursive, so contained classes are themselves builders. When build() is called, the tree of builders is called to create the complete settings object.

For example, to set the total timeout of getPolicy to 30 seconds:


 BinauthzManagementServiceV1Settings.Builder binauthzManagementServiceV1SettingsBuilder =
     BinauthzManagementServiceV1Settings.newBuilder();
 binauthzManagementServiceV1SettingsBuilder
     .getPolicySettings()
     .setRetrySettings(
         binauthzManagementServiceV1SettingsBuilder
             .getPolicySettings()
             .getRetrySettings()
             .toBuilder()
             .setTotalTimeout(Duration.ofSeconds(30))
             .build());
 BinauthzManagementServiceV1Settings binauthzManagementServiceV1Settings =
     binauthzManagementServiceV1SettingsBuilder.build();
 

BinauthzManagementServiceV1Settings.Builder

Builder for BinauthzManagementServiceV1Settings.

PolicyName

PolicyName.Builder

Builder for projects/{project}/policy.

PolicyName.LocationBuilder

Builder for locations/{location}/policy.

ProjectName

ProjectName.Builder

Builder for projects/{project}.

Resources

Resources.AdmissionRule

An admission rule specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied. Images matching an admission allowlist pattern are exempted from admission rules and will never block a pod creation.

Protobuf type google.cloud.binaryauthorization.v1.AdmissionRule
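
The rule semantics described above can be checked mechanically before a policy is relied on. The following is an added example, not code from this library's documentation: it audits a Resources.Policy built in memory from constructed values. The enum constants and accessors it uses are taken from the v1 protobuf definitions rather than from this page, and the class name PolicyAudit and the finding texts are illustrative.

```java
import com.google.protos.google.cloud.binaryauthorization.v1.Resources;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

/** Added example: flags policy settings that admit images without a verified attestation. */
public class PolicyAudit {

  // Checks one admission rule; `scope` says where in the policy the rule applies.
  static void auditRule(String scope, Resources.AdmissionRule rule, List<String> findings) {
    switch (rule.getEvaluationMode()) {
      case ALWAYS_ALLOW:
        findings.add(scope + ": ALWAYS_ALLOW admits every image without attestation");
        break;
      case REQUIRE_ATTESTATION:
        if (rule.getRequireAttestationsByCount() == 0) {
          findings.add(scope + ": REQUIRE_ATTESTATION lists no attestors");
        }
        break;
      default:
        break; // ALWAYS_DENY and unset values are not reported by this audit
    }
    if (rule.getEnforcementMode()
        == Resources.AdmissionRule.EnforcementMode.DRYRUN_AUDIT_LOG_ONLY) {
      findings.add(scope + ": dry-run enforcement logs a denial but does not block the pod");
    }
  }

  static List<String> audit(Resources.Policy policy) {
    List<String> findings = new ArrayList<>();
    auditRule("default rule", policy.getDefaultAdmissionRule(), findings);
    for (Map.Entry<String, Resources.AdmissionRule> e :
        policy.getClusterAdmissionRulesMap().entrySet()) {
      auditRule("cluster " + e.getKey(), e.getValue(), findings);
    }
    // Allowlisted images are exempt from every rule above, so each pattern is reported.
    for (Resources.AdmissionWhitelistPattern p : policy.getAdmissionWhitelistPatternsList()) {
      String kind = p.getNamePattern().endsWith("*") ? "wildcard exemption" : "exemption";
      findings.add("allowlist " + p.getNamePattern() + ": " + kind + " from all admission rules");
    }
    return findings;
  }

  public static void main(String[] args) {
    // Constructed policy; in practice pass the Resources.Policy returned by getPolicy(name).
    Resources.Policy policy =
        Resources.Policy.newBuilder()
            .setDefaultAdmissionRule(
                Resources.AdmissionRule.newBuilder()
                    .setEvaluationMode(Resources.AdmissionRule.EvaluationMode.REQUIRE_ATTESTATION)
                    .addRequireAttestationsBy("projects/example-project/attestors/build-attestor")
                    .setEnforcementMode(
                        Resources.AdmissionRule.EnforcementMode.DRYRUN_AUDIT_LOG_ONLY))
            .putClusterAdmissionRules(
                "us-central1-a.example-cluster",
                Resources.AdmissionRule.newBuilder()
                    .setEvaluationMode(Resources.AdmissionRule.EvaluationMode.ALWAYS_ALLOW)
                    .setEnforcementMode(
                        Resources.AdmissionRule.EnforcementMode.ENFORCED_BLOCK_AND_AUDIT_LOG)
                    .build())
            .addAdmissionWhitelistPatterns(
                Resources.AdmissionWhitelistPattern.newBuilder()
                    .setNamePattern("gcr.io/example-project/*"))
            .build();
    audit(policy).forEach(System.out::println);
  }
}
```

Building the policy locally keeps the audit runnable without credentials; the same audit(policy) call accepts the response of the getPolicy sample shown earlier.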

Resources.AdmissionRule.Builder

An admission rule specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied. Images matching an admission allowlist pattern are exempted from admission rules and will never block a pod creation.

Protobuf type google.cloud.binaryauthorization.v1.AdmissionRule

Resources.AdmissionWhitelistPattern

An admission allowlist pattern exempts images from checks by admission rules.

Protobuf type google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern

Resources.AdmissionWhitelistPattern.Builder

An admission allowlist pattern exempts images from checks by admission rules.

Protobuf type google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern

Resources.Attestor

An attestor that attests to container image artifacts. An existing attestor cannot be modified except where indicated.

Protobuf type google.cloud.binaryauthorization.v1.Attestor

Resources.Attestor.Builder

An attestor that attests to container image artifacts. An existing attestor cannot be modified except where indicated.

Protobuf type google.cloud.binaryauthorization.v1.Attestor

Resources.AttestorPublicKey

An attestor public key that will be used to verify attestations signed by this attestor.

Protobuf type google.cloud.binaryauthorization.v1.AttestorPublicKey

Resources.AttestorPublicKey.Builder

An attestor public key that will be used to verify attestations signed by this attestor.

Protobuf type google.cloud.binaryauthorization.v1.AttestorPublicKey

Resources.PkixPublicKey

A public key in the PkixPublicKey format (see https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). Public keys of this type are typically textually encoded using the PEM format.

Protobuf type google.cloud.binaryauthorization.v1.PkixPublicKey

Resources.PkixPublicKey.Builder

A public key in the PkixPublicKey format (see https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). Public keys of this type are typically textually encoded using the PEM format.

Protobuf type google.cloud.binaryauthorization.v1.PkixPublicKey

Resources.Policy

A policy for container image binary authorization.

Protobuf type google.cloud.binaryauthorization.v1.Policy

Resources.Policy.Builder

A policy for container image binary authorization.

Protobuf type google.cloud.binaryauthorization.v1.Policy

Resources.UserOwnedGrafeasNote

A user-owned Grafeas note references a Grafeas Attestation.Authority Note created by the user.

Protobuf type google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote

Resources.UserOwnedGrafeasNote.Builder

A user-owned Grafeas note references a Grafeas Attestation.Authority Note created by the user.

Protobuf type google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote

Service

Service.CreateAttestorRequest

Request message for BinauthzManagementService.CreateAttestor.

Protobuf type google.cloud.binaryauthorization.v1.CreateAttestorRequest

Service.CreateAttestorRequest.Builder

Request message for BinauthzManagementService.CreateAttestor.

Protobuf type google.cloud.binaryauthorization.v1.CreateAttestorRequest

Service.DeleteAttestorRequest

Request message for BinauthzManagementService.DeleteAttestor.

Protobuf type google.cloud.binaryauthorization.v1.DeleteAttestorRequest

Service.DeleteAttestorRequest.Builder

Request message for BinauthzManagementService.DeleteAttestor.

Protobuf type google.cloud.binaryauthorization.v1.DeleteAttestorRequest

Service.GetAttestorRequest

Request message for BinauthzManagementService.GetAttestor.

Protobuf type google.cloud.binaryauthorization.v1.GetAttestorRequest

Service.GetAttestorRequest.Builder

Request message for BinauthzManagementService.GetAttestor.

Protobuf type google.cloud.binaryauthorization.v1.GetAttestorRequest

Service.GetPolicyRequest

Request message for BinauthzManagementService.GetPolicy.

Protobuf type google.cloud.binaryauthorization.v1.GetPolicyRequest

Service.GetPolicyRequest.Builder

Request message for BinauthzManagementService.GetPolicy.

Protobuf type google.cloud.binaryauthorization.v1.GetPolicyRequest

Service.GetSystemPolicyRequest

Request to read the current system policy.

Protobuf type google.cloud.binaryauthorization.v1.GetSystemPolicyRequest

Service.GetSystemPolicyRequest.Builder

Request to read the current system policy.

Protobuf type google.cloud.binaryauthorization.v1.GetSystemPolicyRequest

Service.ListAttestorsRequest

Request message for BinauthzManagementService.ListAttestors.

Protobuf type google.cloud.binaryauthorization.v1.ListAttestorsRequest

Service.ListAttestorsRequest.Builder

Request message for BinauthzManagementService.ListAttestors.

Protobuf type google.cloud.binaryauthorization.v1.ListAttestorsRequest

Service.ListAttestorsResponse

Response message for BinauthzManagementService.ListAttestors.

Protobuf type google.cloud.binaryauthorization.v1.ListAttestorsResponse

Service.ListAttestorsResponse.Builder

Response message for BinauthzManagementService.ListAttestors.

Protobuf type google.cloud.binaryauthorization.v1.ListAttestorsResponse

Service.UpdateAttestorRequest

Request message for BinauthzManagementService.UpdateAttestor.

Protobuf type google.cloud.binaryauthorization.v1.UpdateAttestorRequest

Service.UpdateAttestorRequest.Builder

Request message for BinauthzManagementService.UpdateAttestor.

Protobuf type google.cloud.binaryauthorization.v1.UpdateAttestorRequest

Service.UpdatePolicyRequest

Request message for BinauthzManagementService.UpdatePolicy.

Protobuf type google.cloud.binaryauthorization.v1.UpdatePolicyRequest

Service.UpdatePolicyRequest.Builder

Request message for BinauthzManagementService.UpdatePolicy.

Protobuf type google.cloud.binaryauthorization.v1.UpdatePolicyRequest

Service.ValidateAttestationOccurrenceRequest

Request message for ValidationHelperV1.ValidateAttestationOccurrence.

Protobuf type google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceRequest

Service.ValidateAttestationOccurrenceRequest.Builder

Request message for ValidationHelperV1.ValidateAttestationOccurrence.

Protobuf type google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceRequest

Service.ValidateAttestationOccurrenceResponse

Response message for ValidationHelperV1.ValidateAttestationOccurrence.

Protobuf type google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse

Service.ValidateAttestationOccurrenceResponse.Builder

Response message for ValidationHelperV1.ValidateAttestationOccurrence.

Protobuf type google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse

SystemPolicyV1Client

Service Description: API for working with the system policy.

This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:


 try (SystemPolicyV1Client systemPolicyV1Client = SystemPolicyV1Client.create()) {
   PolicyName name = PolicyName.ofProjectName("[PROJECT]");
   Resources.Policy response = systemPolicyV1Client.getSystemPolicy(name);
 }
 

Note: close() needs to be called on the SystemPolicyV1Client object to clean up resources such as threads. In the example above, try-with-resources is used, which automatically calls close().

The surface of this class includes several types of Java methods for each of the API's methods:

  1. A "flattened" method. With this type of method, the fields of the request type have been converted into function parameters. It may be the case that not all fields are available as parameters, and not every API method will have a flattened method entry point.
  2. A "request object" method. This type of method only takes one parameter, a request object, which must be constructed before the call. Not every API method will have a request object method.
  3. A "callable" method. This type of method takes no parameters and returns an immutable API callable object, which can be used to initiate calls to the service.

See the individual methods for example code.

Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parse method to extract the individual identifiers contained within names that are returned.

This class can be customized by passing in a custom instance of SystemPolicyV1Settings to create(). For example:

To customize credentials:


 SystemPolicyV1Settings systemPolicyV1Settings =
     SystemPolicyV1Settings.newBuilder()
         .setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
         .build();
 SystemPolicyV1Client systemPolicyV1Client = SystemPolicyV1Client.create(systemPolicyV1Settings);
 

To customize the endpoint:


 SystemPolicyV1Settings systemPolicyV1Settings =
     SystemPolicyV1Settings.newBuilder().setEndpoint(myEndpoint).build();
 SystemPolicyV1Client systemPolicyV1Client = SystemPolicyV1Client.create(systemPolicyV1Settings);
 

Please refer to the GitHub repository's samples for more quickstart code snippets.

SystemPolicyV1Grpc

API for working with the system policy.

SystemPolicyV1Grpc.SystemPolicyV1BlockingStub

API for working with the system policy.

SystemPolicyV1Grpc.SystemPolicyV1FutureStub

API for working with the system policy.

SystemPolicyV1Grpc.SystemPolicyV1ImplBase

API for working with the system policy.

SystemPolicyV1Grpc.SystemPolicyV1Stub

API for working with the system policy.

SystemPolicyV1Settings

Settings class to configure an instance of SystemPolicyV1Client.

The default instance has everything set to sensible defaults:

  • The default service address (binaryauthorization.googleapis.com) and default port (443) are used.
  • Credentials are acquired automatically through Application Default Credentials.
  • Retries are configured for idempotent methods but not for non-idempotent methods.

The builder of this class is recursive, so contained classes are themselves builders. When build() is called, the tree of builders is called to create the complete settings object.

For example, to set the total timeout of getSystemPolicy to 30 seconds:


 SystemPolicyV1Settings.Builder systemPolicyV1SettingsBuilder =
     SystemPolicyV1Settings.newBuilder();
 systemPolicyV1SettingsBuilder
     .getSystemPolicySettings()
     .setRetrySettings(
         systemPolicyV1SettingsBuilder
             .getSystemPolicySettings()
             .getRetrySettings()
             .toBuilder()
             .setTotalTimeout(Duration.ofSeconds(30))
             .build());
 SystemPolicyV1Settings systemPolicyV1Settings = systemPolicyV1SettingsBuilder.build();
 

SystemPolicyV1Settings.Builder

Builder for SystemPolicyV1Settings.

ValidationHelperV1Client

Service Description: BinAuthz Attestor verification

This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:


 try (ValidationHelperV1Client validationHelperV1Client = ValidationHelperV1Client.create()) {
   Service.ValidateAttestationOccurrenceRequest request =
       Service.ValidateAttestationOccurrenceRequest.newBuilder()
           .setAttestor("attestor542920680")
           .setAttestation(AttestationOccurrence.newBuilder().build())
           .setOccurrenceNote("occurrenceNote1722072419")
           .setOccurrenceResourceUri("occurrenceResourceUri1001424877")
           .build();
   Service.ValidateAttestationOccurrenceResponse response =
       validationHelperV1Client.validateAttestationOccurrence(request);
 }
 

Note: close() needs to be called on the ValidationHelperV1Client object to clean up resources such as threads. In the example above, try-with-resources is used, which automatically calls close().

The surface of this class includes several types of Java methods for each of the API's methods:

  1. A "flattened" method. With this type of method, the fields of the request type have been converted into function parameters. It may be the case that not all fields are available as parameters, and not every API method will have a flattened method entry point.
  2. A "request object" method. This type of method only takes one parameter, a request object, which must be constructed before the call. Not every API method will have a request object method.
  3. A "callable" method. This type of method takes no parameters and returns an immutable API callable object, which can be used to initiate calls to the service.

See the individual methods for example code.

Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parse method to extract the individual identifiers contained within names that are returned.

This class can be customized by passing in a custom instance of ValidationHelperV1Settings to create(). For example:

To customize credentials:


 ValidationHelperV1Settings validationHelperV1Settings =
     ValidationHelperV1Settings.newBuilder()
         .setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
         .build();
 ValidationHelperV1Client validationHelperV1Client =
     ValidationHelperV1Client.create(validationHelperV1Settings);
 

To customize the endpoint:


 ValidationHelperV1Settings validationHelperV1Settings =
     ValidationHelperV1Settings.newBuilder().setEndpoint(myEndpoint).build();
 ValidationHelperV1Client validationHelperV1Client =
     ValidationHelperV1Client.create(validationHelperV1Settings);
 

Please refer to the GitHub repository's samples for more quickstart code snippets.

ValidationHelperV1Grpc

BinAuthz Attestor verification

ValidationHelperV1Grpc.ValidationHelperV1BlockingStub

BinAuthz Attestor verification

ValidationHelperV1Grpc.ValidationHelperV1FutureStub

BinAuthz Attestor verification

ValidationHelperV1Grpc.ValidationHelperV1ImplBase

BinAuthz Attestor verification

ValidationHelperV1Grpc.ValidationHelperV1Stub

BinAuthz Attestor verification

ValidationHelperV1Settings

Settings class to configure an instance of ValidationHelperV1Client.

The default instance has everything set to sensible defaults:

  • The default service address (binaryauthorization.googleapis.com) and default port (443) are used.
  • Credentials are acquired automatically through Application Default Credentials.
  • Retries are configured for idempotent methods but not for non-idempotent methods.

The builder of this class is recursive, so contained classes are themselves builders. When build() is called, the tree of builders is called to create the complete settings object.

For example, to set the total timeout of validateAttestationOccurrence to 30 seconds:


 ValidationHelperV1Settings.Builder validationHelperV1SettingsBuilder =
     ValidationHelperV1Settings.newBuilder();
 validationHelperV1SettingsBuilder
     .validateAttestationOccurrenceSettings()
     .setRetrySettings(
         validationHelperV1SettingsBuilder
             .validateAttestationOccurrenceSettings()
             .getRetrySettings()
             .toBuilder()
             .setTotalTimeout(Duration.ofSeconds(30))
             .build());
 ValidationHelperV1Settings validationHelperV1Settings =
     validationHelperV1SettingsBuilder.build();
 

ValidationHelperV1Settings.Builder

Builder for ValidationHelperV1Settings.

Interfaces

Resources.AdmissionRuleOrBuilder

Resources.AdmissionWhitelistPatternOrBuilder

Resources.AttestorOrBuilder

Resources.AttestorPublicKeyOrBuilder

Resources.PkixPublicKeyOrBuilder

Resources.PolicyOrBuilder

Resources.UserOwnedGrafeasNoteOrBuilder

Service.CreateAttestorRequestOrBuilder

Service.DeleteAttestorRequestOrBuilder

Service.GetAttestorRequestOrBuilder

Service.GetPolicyRequestOrBuilder

Service.GetSystemPolicyRequestOrBuilder

Service.ListAttestorsRequestOrBuilder

Service.ListAttestorsResponseOrBuilder

Service.UpdateAttestorRequestOrBuilder

Service.UpdatePolicyRequestOrBuilder

Service.ValidateAttestationOccurrenceRequestOrBuilder

Service.ValidateAttestationOccurrenceResponseOrBuilder

Enums

Resources.AdmissionRule.EnforcementMode

Defines the possible actions when a pod creation is denied by an admission rule.

Protobuf enum google.cloud.binaryauthorization.v1.AdmissionRule.EnforcementMode

Resources.AdmissionRule.EvaluationMode

Protobuf enum google.cloud.binaryauthorization.v1.AdmissionRule.EvaluationMode

Resources.Attestor.AttestorTypeCase

Resources.AttestorPublicKey.PublicKeyCase

Resources.PkixPublicKey.SignatureAlgorithm

Represents a signature algorithm and other information necessary to verify signatures with a given public key. This is based primarily on the public key types supported by Tink's PemKeyType, which is in turn based on KMS's supported signing algorithms. See https://cloud.google.com/kms/docs/algorithms. In the future, BinAuthz might support additional public key types independently of Tink and/or KMS.

Protobuf enum google.cloud.binaryauthorization.v1.PkixPublicKey.SignatureAlgorithm

Resources.Policy.GlobalPolicyEvaluationMode

Protobuf enum google.cloud.binaryauthorization.v1.Policy.GlobalPolicyEvaluationMode

Service.ValidateAttestationOccurrenceResponse.Result

The enum returned in the "result" field.

Protobuf enum google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse.Result